Difference between revisions of "CTF-practice-evening:2014-03-24"

From Technologia Incognita
Jump to: navigation, search
Line 27: Line 27:
 
*** The kernel needs to tell where the binary starts
 
*** The kernel needs to tell where the binary starts
 
** You could also use IDA, but that's overkill for this binary
 
** You could also use IDA, but that's overkill for this binary
 +
* If you run it with strace, you see a list of signals and system calls
 +
  
 
= Next CTF Competition =
 
= Next CTF Competition =

Revision as of 19:38, 24 March 2014

CTF-practice-evening:2014-03-24
Date 2014/03/24
Time
Location ACTA
Type Workshop
Contact Melanie

Capture The Flag evening - Part 11

  • 24 March, 2014 - 7 PM
  • Please bring along a laptop with you!!!

General CTF Info

Walkthrough: Minibomb

  • Brainsmoke is explaining how he solved the challenge 'Minibomb' during the Codegate CTF
  • Minibomb is a small setuid binary
    • This is probably a handmade binary written in assembler, Linux ELF, 32 bit
    • You can see the ELF header if you use file or hexdump
      • For more information about the ELF header (including the binary entry point, memory pages being loaded, executable text, etc..), you can use readelf
    • Objdump allows us to disassemble the binary
    • It's a static binary - there's no dynamic loader
      • Dynamic binaries have an interpreter section, with more LD-* things that need to be resolved
      • The kernel needs to tell where the binary starts
    • You could also use IDA, but that's overkill for this binary
  • If you run it with strace, you see a list of signals and system calls


Next CTF Competition

Cryptanalysis

http://www.overthewire.org/wargames/krypton/krypton0.shtml